I’m working on a class project to use a local Sovrin Network to create a petition system for UMD students. I’m very new to Sovrin and just wanted to see if my understanding is correct and ask for some pointers for the next steps.

The current plan is to

Make the School a Trust Anchor and Agent

Use the school's authentication system to let students create a DID with the school.

The school then signs a claim that they are a student.

Students can then “sign” petitions by creating a new DID with a petition and providing their claim from the school.

Yes, agents should have an encrypted wallet that’s unlocked with some sort of secret. A password is a weak form of secret, but it may be okay for certain use cases.

You should be able to take the sample python agents used by the Getting Started workflow, and modify them slightly to get what you are after. For example, the Faber College agent could become your school agent.

The libindy functions for a wallet allow a parameter that locks and unlocks a wallet. You can think of this as a password, and I think you should for your use case.

As you pointed out, if we’re talking about a mobile app, the secret that does the unlocking could come from a secure enclave, guarded by a biometric. That would obviously be stronger. It is also possible to conceive of schemes where a very strong secret (passphrase, 256-bit random entropy, etc.) is sharded among many parties and reconstituted to unlock something, as opposed to treating the secret like a simple password.